In some cases, the WordPress password reset vulnerability allows an unauthenticated attacker to obtain the password reset link directly. The attacker may then gain unauthorized access to WordPress accounts, resulting in data leakage.

Condition and method of exploitation

Remote exploitation

Affected scope

WordPress Core <= 4.7.4

How to fix or mitigate

Track the latest official WordPress release and upgrade WordPress promptly.
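To find which installs fall inside the affected scope above, the following added example (not code from this advisory or from WordPress) reads the version each install reports and compares it with 4.7.4. It assumes the version is stored as `$wp_version` in `wp-includes/version.php`; the function names and the sample file text are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Upper bound of the affected scope stated in the advisory (WordPress Core <= 4.7.4).
AFFECTED_MAX = (4, 7, 4)

# Constructed sample of a version.php file, used only for illustration.
SAMPLE_VERSION_PHP = "<?php\n/** The WordPress version string */\n$wp_version = '4.7.4';\n"

VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def read_wp_version(version_php_text):
    """Extract the $wp_version string from the text of wp-includes/version.php."""
    m = VERSION_RE.search(version_php_text)
    return m.group(1) if m else None


def parse_version(version):
    """Turn '4.7', '4.7.4' or '4.8-beta1' into a 3-part tuple.
    A pre-release suffix is ignored, so it compares as its base version."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(part or 0) for part in m.groups())


def in_affected_scope(version):
    return parse_version(version) <= AFFECTED_MAX


def audit(roots):
    """Map each WordPress root to (version, affected).
    affected is None when the version cannot be read: review that install by hand."""
    results = {}
    for root in roots:
        try:
            text = (Path(root) / "wp-includes" / "version.php").read_text(errors="replace")
            version = read_wp_version(text)
            affected = in_affected_scope(version) if version else None
        except (OSError, ValueError):
            version, affected = None, None
        results[str(root)] = (version, affected)
    return results


if __name__ == "__main__":
    for root, (version, affected) in audit(sys.argv[1:]).items():
        print(f"{root}\t{version}\t{'AFFECTED' if affected else 'review' if affected is None else 'ok'}")
```

Run it with one or more WordPress root directories as arguments; an install reported as `review` has no readable version and needs a manual check.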